Towards automatic detection and mitigation of high-risk cybersecurity vulnerabilities at networked systems

Abstract

The current manuscript investigates a comprehensive security framework designed to proactively detect, classify, prioritize, and mitigate high-risk cybersecurity vulnerabilities in networked systems controlled by software-defined networking (SDN). While available literature explores various approaches, it lacks solutions that aggregate in a logically centralized and automated ways the previous referred capabilities. Orchestrating efficiently all these capabilities is crucial to continuously ensure the reliable operation of high-complexity networked systems. This article integrates in a novel way SDN with the Security Orchestration, Automation, and Response (SOAR) paradigm to automatically identify and address security vulnerabilities in network devices before they can be exploited. The proposed open-source framework leverages standardized risk indicators to rank discovered vulnerabilities and apply the most suitable mitigation strategies to mitigate the vulnerabilities with the highest risk of being explored against the system normal operation. The paper framework enhances the reactive security capabilities offered by legacy network devices such as Firewalls and Intrusion Detection Systems (IDSs). The paper details the design, implementation, and evaluation of the framework, validated through both emulation and hardware-based tests. The results confirm that the solution is effective in identifying and mitigating vulnerabilities across diverse devices. Analyzing the results obtained from scalability tests, as the number of scanned devices exceeds a certain threshold, CPU usage increases significantly, while memory and communication resources remain underutilized. In addition, after identifying high-risk device vulnerabilities, the framework automatically applies mitigation measures, timely protecting the system normal operation. Future work may improve the capabilities of the framework by using artificial intelligence for more efficient device vulnerability discovery, context-aware security risk evaluation, and better-aligned mitigation actions targeting identified high-risk security vulnerabilities.